CA: A New Step into Security Management
Dec 16, 2015
The Theory of “Defense in Depth” (DiD)
[Figure: a typical DiD mix of products plotted against an “Information Security Readiness” scale graded A to F: antivirus, application gateway, network and host intrusion detection systems (IDS), physical security, content filters, identity management / access control]
Quantity and sophistication of solutions: more = better, right?
The Reality of “Defense in Depth”
[Figure: the same products, now seen as separate log sources (firewall log, antivirus logs, application gateway logs, network and host IDS logs, physical security logs, content filters, identity management / access control logs), plotted against the same A to F “Information Security Readiness” scale]
– No information sharing between products
– Unmanageable signal/noise ratio
– Security data diminishes security readiness
More = less
Do the Math
Millions of events/day = security information overload
Security solutions (multiple antivirus vendors, firewall, VPNs, access control, web access control, intrusion detection, user administration, public key infrastructure, vulnerability tools, alarms/alerts)
x Platforms (MS Windows 9x, NT/2000/2003, MS Windows XP, Linux, UNIX, z/OS, embedded systems)
x Number of servers, gateways, desktops, PDAs, phones and mobile handhelds
x Applications (SAP, Oracle, PeopleSoft, WebLogic, Apache, IIS; external, internal and shared)
x Number of users
= security information overload
What is eTrust™?
Managing security information overload across three areas:
– Control access to resources
– Manage vulnerabilities and content
– Manage users
Partner Quote
“CA’s eTrust Security Command Center fits very well within our overall solutions strategy, and is something we’re very excited to add to our portfolio of offerings. Many of our clients talk about the need to bring logic and order to the overwhelming amount of security-related data they deal with on a daily basis, and products like CA’s eTrust Security Command Center are a big step toward making this a reality.”
Mark Doll, Americas Director, Security and Technology Solutions, Ernst & Young
eTrust SCC: Operational & Situational Awareness
[Figure: eTrust SCC at the center, fed by third-party integrations and presenting role-based views and reports over the three areas: manage users, manage vulnerabilities and content, control access to resources]
Introducing eTrust™ Network Forensics
eTrust Network Forensics Value Proposition
– Mitigate risks through proactive network security analysis
– Provide holistic insight into node-to-node communications to help enable regulatory and corporate policy compliance through early detection of misuse and abnormal behavior
– Complement existing security solutions with powerful visualization rendering and analysis during forensic investigations
Managing Risk and Protecting Value
– Data collection and visualization for network security forensics
– Pattern and content analysis
– Forensic analysis and investigation
Note: The entire eTrust Network Forensics system methodology is protected by PAT SR 6,304,262 and SR 6,269,447
eTrust Network Forensics Components
Key Features
Data collection and visualization
– Monitor and analyze data from all seven layers of the Open Systems Interconnection (OSI) stack
– Binary tree ontology for the knowledge base
– TCP dump recording: records the monitored traffic in its unprocessed state as forensic evidence
Pattern and content analysis
– “Intelligence-grade” traffic analysis
– Binary-level, n-gram analysis
– Functions irrespective of language
Forensic analysis and investigation
– Produces visual arrangements that include source, destination, time, type and duration of each communication
– Monitors and records content
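The feature list says the content analysis is binary-level and n-gram based and works regardless of language, but does not say how. The following is an added illustration, not eTrust code and not CA's actual algorithm, of what byte-level n-gram profiling looks like in practice: learn which byte bigrams occur in a baseline of normal traffic, then score each new payload by the share of its bigrams the baseline never contained. All payloads, the baseline HTTP requests included, are constructed for the example; the 0.5 flagging threshold is an assumption.

```python
"""Byte-level n-gram content profiling.

Added illustration, not eTrust code: learn the byte bigrams present in a
baseline of normal traffic, then score each new payload by the fraction of
its bigrams the baseline never contained. Because it operates on raw bytes
it needs no protocol parser and is indifferent to language or encoding.
"""
from collections import Counter

# Constructed baseline: a few ordinary HTTP requests (not captured traffic).
BASELINE = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    b"GET /images/logo.png HTTP/1.1\r\nHost: www.example.com\r\nAccept: image/png\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: www.example.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\nuser=alice&pass=secret",
]


def ngrams(data: bytes, n: int = 2):
    """Yield every overlapping n-byte window of data."""
    return (data[i:i + n] for i in range(len(data) - n + 1))


def build_profile(samples, n: int = 2) -> Counter:
    """Count n-gram occurrences across all baseline samples."""
    profile = Counter()
    for sample in samples:
        profile.update(ngrams(sample, n))
    return profile


def novelty(profile: Counter, data: bytes, n: int = 2) -> float:
    """Fraction of data's n-grams that never occurred in the baseline (0.0..1.0)."""
    grams = list(ngrams(data, n))
    if not grams:
        return 0.0  # too short to say anything
    unseen = sum(1 for g in grams if g not in profile)
    return unseen / len(grams)


def classify(profile: Counter, data: bytes, threshold: float = 0.5) -> str:
    """Flag payloads whose byte mix departs sharply from the baseline (threshold is assumed)."""
    return "abnormal" if novelty(profile, data) >= threshold else "normal"


# Constructed test payloads.
NORMAL_REQUEST = b"GET /about.html HTTP/1.1\r\nHost: www.example.com\r\nAccept: text/html\r\n\r\n"
# x86 shellcode-like bytes: a NOP sled followed by pushes of "//sh" and "/bin".
BINARY_BLOB = b"\x90" * 8 + b"\x31\xc0\x50\x68//sh\x68/bin\x89\xe3"
HIGH_BYTES = bytes(range(0x80, 0x100))  # the baseline contains no high-bit bytes at all

PROFILE = build_profile(BASELINE)

if __name__ == "__main__":
    for name, payload in [("normal request", NORMAL_REQUEST),
                          ("shellcode-like", BINARY_BLOB),
                          ("high bytes", HIGH_BYTES)]:
        print(f"{name:15s} novelty={novelty(PROFILE, payload):.2f} -> {classify(PROFILE, payload)}")
```

A new but well-formed request scores low because almost all of its bigrams already occur in the baseline, while the shellcode-like blob and the run of high-bit bytes score near or at 1.0. Real deployments profile per port or per service and use a larger n or a distance measure rather than a bare unseen count, but the byte-level, parser-free character of the approach is the same.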
A Picture is Worth a Thousand Words: Computer Crime Investigators
Profile
– A computer crime investigations company servicing Wall Street firms
– Focuses on post-incident forensic analysis
Issue
– Costly and time-consuming effort to provide investigation services
– Manual aggregation and correlation of logs to identify issues, breaches and patterns
– Labor-intensive, manual generation of credible evidence
Action taken
– Deployed eTrust Network Forensics at customer sites
Result
– Rapidly identified “trouble spots” through visual cues
– More quickly identified abnormal traffic behavior through link-node correlative analysis
– Enabled incident sequencing to understand event propagation
eTrust Network Forensics Analyzer Example: Event Correlation
[Figure: analyzer view overlaying VPN traffic events, intrusion detection system alerts and blocked firewall traffic on a single timeline]
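The analyzer example overlays VPN events, IDS alerts and blocked firewall traffic so that one host's activity across all three products becomes visible, which is exactly what the earlier “no information sharing between products” slide says is missing. The following is an added illustration, not eTrust code and not the analyzer's own algorithm (the deck does not describe it), of the correlation step underneath such a view: parse three constructed product logs (the line formats are assumptions), group events by source host, and flag any host that more than one product reports within a short window, producing the link-node edges (source, destination, count) plus first time and duration that the visual arrangement on the slide would draw.

```python
"""Cross-product event correlation over constructed log lines.

Added illustration, not eTrust code: three products (firewall, IDS, VPN) each
log independently. A source host that shows up in more than one of them within
a short window is a far stronger signal than any single alert, and the
(source, destination, count) edges are what a link-node diagram draws.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs; the formats are assumptions, not real product output.
FIREWALL_LOG = """\
2015-12-16 09:00:01 DROP src=203.0.113.9 dst=10.0.0.5 dport=445
2015-12-16 09:00:02 DROP src=203.0.113.9 dst=10.0.0.5 dport=139
2015-12-16 09:00:03 DROP src=203.0.113.9 dst=10.0.0.6 dport=445
2015-12-16 09:05:00 DROP src=198.51.100.2 dst=10.0.0.5 dport=22
"""
IDS_LOG = """\
2015-12-16 09:00:04 ALERT sid=2001 msg="SMB probe" src=203.0.113.9 dst=10.0.0.7
2015-12-16 11:30:00 ALERT sid=2100 msg="ICMP sweep" src=192.0.2.44 dst=10.0.0.1
"""
VPN_LOG = """\
2015-12-16 09:00:10 CONNECT user=jdoe src=203.0.113.9 assigned=10.8.0.21
2015-12-16 10:00:00 CONNECT user=asmith src=198.51.100.7 assigned=10.8.0.22
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(text, product):
    """Turn one product's log into normalized events: ts, product, action, src, dst."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines this parser does not understand
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
        events.append({
            "ts": ts, "product": product, "action": m.group(2),
            "src": fields.get("src"),
            # VPN lines carry the assigned tunnel address instead of a dst
            "dst": fields.get("dst") or fields.get("assigned"),
            "fields": fields,
        })
    return events


def correlate(events, window=timedelta(seconds=60), min_products=2):
    """Flag source hosts reported by >= min_products distinct products inside one window.

    Returns {src: {"products", "events", "first", "duration", "edges"}}, where edges
    maps (src, dst) to the number of events on that link (the link-node view).
    """
    by_src = defaultdict(list)
    for e in events:
        if e["src"]:
            by_src[e["src"]].append(e)
    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            cluster = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            products = {e["product"] for e in cluster}
            if len(products) >= min_products:
                edges = defaultdict(int)
                for e in cluster:
                    edges[(src, e["dst"])] += 1
                findings[src] = {
                    "products": sorted(products),
                    "events": len(cluster),
                    "first": cluster[0]["ts"],
                    "duration": cluster[-1]["ts"] - cluster[0]["ts"],
                    "edges": dict(edges),
                }
                break  # report the first qualifying cluster per source host
    return findings


def analyze():
    """Run the three constructed logs through parse and correlate."""
    events = parse(FIREWALL_LOG, "firewall") + parse(IDS_LOG, "ids") + parse(VPN_LOG, "vpn")
    return correlate(events)


if __name__ == "__main__":
    for src, f in analyze().items():
        print(f"{src}: {f['events']} events across {f['products']} "
              f"starting {f['first']} over {f['duration']}")
        for (s, d), n in sorted(f["edges"].items()):
            print(f"  {s} -> {d} x{n}")
```

Only 203.0.113.9 is reported: the firewall dropped three of its SMB probes, the IDS alerted on a fourth host, and a VPN session then came up from the same address, all within ten seconds. The three hosts that each appear in a single product (198.51.100.2, 192.0.2.44, 198.51.100.7) stay below the bar, which is the signal-to-noise improvement the deck is arguing for.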
eTrust Network Forensics Customers
– More than 100 customers
– More than 20 customers are government security agencies/departments
– Significant presence in regulated or IP-intensive industries, such as health care and financial services
Thank you